Publication number: US7599491 B2
Publication type: Grant
Application number: US 10/119,803
Publication date: Oct 6, 2009
Filing date: Apr 11, 2002
Priority date: Jan 11, 1999
Fee status: Paid
Also published as: CA2424484A1, CA2424484C, CA2796149A1, CA2796149C, US8280048, US8621239, US20030194086, US20090262930, US20130073867
Publication number (alternate forms): 10119803, 119803, US 7599491 B2, US 7599491B2, US-B2-7599491, US7599491 B2, US7599491B2
Inventors: Robert J. Lambert
Original Assignee: Certicom Corp.
Method for strengthening the implementation of ECDSA against power analysis
US 7599491 B2
Abstract
A method of inhibiting the disclosure of confidential information through power analysis attacks on processors in cryptographic systems. The method masks a cryptographic operation using a generator G. A secret value, which may be combined with the generator G to form a secret generator is generated. The secret value is divided into a plurality of parts. A random value is generated for association with the plurality of parts. Each of the plurality of parts is combined with the random value to derive a plurality of new values such that the new values when combined are equivalent to the secret value. Each of the new values is used in the cryptographic operation, thereby using the secret generator in place of the generator G in the cryptographic operation. The introduction of randomness facilitates the introduction of noise into algorithms used by cryptographic systems so as to mask the secret value and provide protection against power analysis attacks.
Claims (22)
1. A computer-implemented method of masking a cryptographic operation comprising generation of a signature r, s in a public key elliptic curve cryptographic system, said operation utilizing both a long term private key d and a short term private key k, wherein r=Kx mod n with K being a public key derived from the short term private key k and a generating point G, Kx being the representation of the x coordinate of the key K and n the order of the generating point G, and wherein s=1/k (e+dr) with e being a hash of the message to be signed and d being the long term private key, said method comprising the steps of: applying masking values to each of said long term private key and short term private key during at least a portion of said cryptographic operation to produce a result, said result corresponding to that obtained without application of said masking values whereby observation of said private keys is inhibited by said masking values during said cryptographic operation.
2. The computer-implemented method according to claim 1 wherein a first masking value is applied to said long term private key and a second masking value different from said first masking value is applied to said short term private key.
3. The computer-implemented method according to claim 2 wherein one of said masking values is applied to a respective one of said keys to obtain a scalar multiple of said key.
4. The computer-implemented method according to claim 1 wherein one of said masking values is applied to a respective one of said keys to obtain a scalar multiple of said key.
5. The computer-implemented method according to claim 1 wherein said cryptographic operation requires inversion of one of said keys and a respective one of said masking values is applied to said one key to mask said key during inversion.
6. The computer-implemented method according to claim 1 wherein said masking values change after each cryptographic operation.
7. The computer-implemented method according to claim 1 wherein one of said keys is split into component parts and a masking value applied to each of said parts.
8. The computer-implemented method according to claim 1 wherein masking values are applied to each of the private keys k and d in the signature component s.
9. The computer-implemented method according to claim 1 wherein a masking value is applied to the component s to produce a scalar multiple of the short term key k.
10. The computer-implemented method according to claim 8 wherein a first masking value is applied to said short term private key k and a second value different from said first masking value is applied to said long term private key d.
11. The computer-implemented method according to claim 10 wherein said long term private key d is divided into multiple parts and said second masking value applied in a complementary manner to each of said parts, such that, when said parts are combined, the value of said long term private key d is obtained.
12. A cryptographic co-processor for masking a cryptographic operation comprising generation of a signature r, s in a public key elliptic curve cryptographic system, said operation utilizing both a long term private key d and a short term private key k, wherein r=Kx mod n with K being a public key derived from the short term private key k and a generating point G, Kx being the representation of the x coordinate of the key K and n being the order of the generating point G, and wherein s=1/k (e+dr) with e being a hash of the message to be signed and d being the long term private key, said cryptographic module being configured for: applying masking values to each of said long term private key and short term private key during at least a portion of said cryptographic operation to produce a result, said result corresponding to that obtained without application of said masking values whereby observation of said private keys is inhibited by said masking values during said cryptographic operation.
13. The cryptographic co-processor according to claim 12 wherein a first masking value is applied to said long term private key and a second masking value different from said first masking value is applied to said short term private key.
14. The cryptographic co-processor according to claim 13 wherein one of said masking values is applied to a respective one of said keys to obtain a scalar multiple of said key.
15. The cryptographic co-processor according to claim 12 wherein one of said masking values is applied to a respective one of said keys to obtain a scalar multiple of said key.
16. The cryptographic co-processor according to claim 12 wherein said cryptographic operation requires inversion of one of said keys and a respective one of said masking values is applied to said one key to mask said key during inversion.
17. The cryptographic co-processor according to claim 12 wherein said masking values change after each cryptographic operation.
18. The cryptographic co-processor according to claim 12 wherein one of said keys is split into component parts and a masking value applied to each of said parts.
19. The cryptographic co-processor according to claim 12 wherein masking values are applied to each of the private keys k and d in the signature component s.
20. The cryptographic co-processor according to claim 12 wherein a masking value is applied to the component s to produce a scalar multiple of the short term key k.
21. The cryptographic co-processor according to claim 20 wherein a first masking value is applied to said short term private key k and a second value different from said first masking value is applied to said long term private key d.
22. The cryptographic co-processor according to claim 21 wherein said long term private key d is divided into multiple parts and said second masking value applied in a complementary manner to each of said parts, such that, when said parts are combined, the value of said long term private key d is obtained.
Description

This application is a continuation-in-part of U.S. application Ser. No. 09/900,959 filed on Jul. 10, 2001, now U.S. Pat. No. 7,092,523; which is a continuation-in-part of application No. PCT/CA00/00021 filed on Jan. 11, 2000 claiming priority from Canadian Application No. 2,258,338 filed Jan. 11, 1999, and a continuation-in-part of application No. PCT/CA00/00030 filed on Jan. 14, 2000 claiming priority from Canadian Application No. 2,259,089 filed on Jan. 15, 1999. The contents of all the above applications are incorporated herein by reference.

FIELD OF THE INVENTION

This invention relates to a method for minimizing the vulnerability of cryptographic systems to power analysis-type attacks.

BACKGROUND OF THE INVENTION

Cryptographic systems generally owe their security to the fact that a particular piece of information is kept secret. When a cryptographic algorithm is designed, it is usually assumed that a potential attacker has access to only the public values. Without the secret information it is computationally infeasible to break the scheme or the algorithm. Once an attacker is in possession of a piece of secret information they may be able to forge the signature of the victim and also decrypt secret messages intended for the victim. Thus it is of paramount importance to maintain the secrecy and integrity of the secret information in the system. The secret information is generally stored within a secure boundary in the memory space of the cryptographic processor, making it difficult for an attacker to gain direct access to the secret information. Manufacturers incorporate various types of tamper-proof hardware to prevent illicit access to the secret information. In order to decide how much tamper proofing to implement in the cryptographic system, the designers must consider the resources available to a potential attacker and the value of the information being protected. The magnitude of these resources is used to determine how much physical security to place within the device to thwart attackers who attempt to gain direct access to the secure memory. Tamper-proof devices can help prevent an attacker who is unwilling or unable to spend large amounts of time and money from gaining direct access to the secret information in the cryptographic system. Typically, the amount of work that is required to defeat tamper proof hardware exceeds the value of the information being protected.

However, a new class of attacks has been developed on cryptographic systems that are relatively easy and inexpensive to mount in practice since they ignore the tamper-proof hardware. Recent attacks on cryptographic systems have shown that devices with secure memory may leak information that depends on the secret information, for example in the power usage of a processor computing with private information. Such attacks take advantage of information provided by an insecure channel in the device by using the channel in a method not anticipated by its designers, and so render redundant any tamper proofing in the device. Such insecure channels can be the power supply, electromagnetic radiation, or the time taken to perform operations. At particular risk are portable cryptographic tokens, including smart cards, pagers, personal digital assistants, and the like. Smart cards are especially vulnerable since they rely on an external power supply, whose output may be monitored non-intrusively. Access to the power supply is required for proper functioning of the device and so is not usually prevented with tamper-proof hardware.

Further, constrained devices tend not to have large amounts of electromagnetic shielding. Since the device is self-contained and dedicated, the power consumption and electromagnetic radiation of the smart card may be monitored as the various cryptographic algorithms are executed. Thus in a constrained environment, such as a smart card, it may be possible for an attacker to monitor an unsecured channel that leaks secret information. Such monitoring may yield additional information that is intended to be secret which, when exposed, can significantly weaken the security of a cryptographic system.

In response to the existence of such unsecured channels, manufacturers have attempted to minimize the leakage of information from cryptographic devices. However, certain channels leak information due to their physical characteristics and so it is difficult to completely eliminate leakage. A determined attacker may be able to glean information by collecting a very large number of samples and applying sophisticated statistical techniques. In addition, there are severe restrictions on what can be done in hardware on portable cryptographic tokens that are constrained in terms of power consumption and size. As a result, cryptographic tokens are particularly vulnerable to these types of attacks using unsecured channels.

The more recent attacks using the power supply that can be performed on these particularly vulnerable devices are simple power analysis, differential power analysis, higher order differential power analysis, and other related techniques. These technically sophisticated and extremely powerful analysis tools may be used by an attacker to extract secret keys from cryptographic devices. It has been shown that these attacks can be mounted quickly and inexpensively, and may be implemented using readily available hardware.

The amount of time required for these attacks depends on the type of attack and varies somewhat by device. For example, it has been shown that simple power analysis (SPA) typically takes a few seconds per card, while differential power analysis (DPA) can take several hours. In order to perform SPA, the attacker usually only needs to monitor one cryptographic operation. To perform DPA, many operations must be observed. In one method used to monitor the operations, a small resistor is connected in series with the smart card's power supply and the voltage across the resistor is measured. The current drawn follows directly from the measured voltage and the known resistance (Ohm's law). A plot of current against time is called a power trace and shows the amount of current drawn by the processor during a cryptographic operation. Since cryptographic algorithms tend to perform different operations having different power requirements depending on the value of the secret key, there is a correlation between the value of the secret key and the power consumption of the device.

Laborious but careful analysis of an end-to-end power trace can reveal which fundamental operation the algorithm performed for each bit of a secret key, and so the trace can be analyzed to recover the entire secret key, compromising the system. DPA primarily uses statistical analysis and error correction techniques to extract information that may be correlated to secret keys, while SPA relies primarily on visual inspection to identify relevant power fluctuations. In SPA, a power trace is examined for any discernible features corresponding to bits of the secret key. The amount of power consumed varies with the microprocessor instructions executed. For example, in a typical "square-and-multiply" algorithm for exponentiation, a 1 bit in the exponent causes the program to perform both a squaring and a multiplication, while a 0 bit causes the multiplication to be skipped. An attacker may be able to read off the bits of a secret exponent by detecting whether the multiplication is performed at each bit position.
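The square-and-multiply leak just described, as an added example that is not part of the patent: instead of a current trace, each routine records the sequence of squarings ("S") and multiplications ("M") it performs, which is the information an SPA attacker reads off an oscilloscope in the leakage model above. `recover_exponent` is the attacker; the third routine is a square-and-multiply-always variant (a regular-sequence countermeasure of the kind mentioned later on this page, not the key-splitting technique the patent claims) included only to show what a key-independent operation sequence looks like. All names and the sample exponent are constructed for this example.

```python
def square_and_multiply(base, exponent, modulus, trace):
    """Left-to-right square-and-multiply.  The multiplication is skipped for
    0 bits, so the operation sequence mirrors the exponent bit by bit."""
    acc = 1
    for bit in bin(exponent)[2:]:          # MSB first, no leading zeros
        acc = acc * acc % modulus
        trace.append("S")
        if bit == "1":                      # key-dependent branch: the leak
            acc = acc * base % modulus
            trace.append("M")
    return acc


def recover_exponent(trace):
    """SPA 'by eye': an S followed by an M is a 1 bit; an S followed by
    another S (or by the end of the trace) is a 0 bit."""
    bits = []
    i = 0
    while i < len(trace):
        if trace[i] != "S":
            raise ValueError("every iteration must begin with a squaring")
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def square_and_always_multiply(base, exponent, modulus, trace):
    """Square-and-multiply-always: the multiplication is performed on every
    iteration and its result is kept only when the bit is 1, so the S/M
    sequence is identical for all exponents of the same bit length.  The
    selection below is still a data-dependent Python expression; a real
    implementation would use a constant-time conditional move."""
    acc = 1
    for bit in bin(exponent)[2:]:
        acc = acc * acc % modulus
        trace.append("S")
        candidate = acc * base % modulus
        trace.append("M")
        acc = candidate if bit == "1" else acc
    return acc
```

Run `square_and_multiply(3, secret, 1009, trace)` with any constructed `secret` and feed `trace` to `recover_exponent`: the exponent comes back exactly, because the leading bit is always 1 and every iteration starts with a squaring. The always-multiply variant produces the same S/M string for any two exponents of equal length, which is why the page's background notes that smart card code avoids key-dependent branches; the patent's own contribution, randomizing the secret values so traces stop correlating across operations, is a different and complementary measure.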

A DPA attack attempts to detect more subtle features from the power traces and is more difficult to prevent. To launch a DPA attack, a number of digital signatures are generated and the corresponding power traces are collected. The power trace may be regarded as composed of two distinct parts, namely signal and noise. The patterns that correspond to private key operations tend to remain more or less constant throughout all power traces. These patterns may be regarded as the signal. The other parts of the computation, which correspond to changing data, result in differing patterns in each power trace. These patterns can be regarded as the noise. Statistical analysis can be performed on all the power traces to separate the signal from the noise. The secret value is then derived using the identified signal.

Various techniques for preventing these power analysis attacks have been attempted to date. Manufacturers of smart cards and smart card processors have introduced random wait states and address scrambling. Smart card algorithms avoid performing significantly different operations depending on the value of a secret key and also avoid conditional jump instructions. Hardware solutions include providing well-filtered power supplies and physical shielding of processor elements or the addition of noise unrelated to secrets. However, the vulnerabilities to DPA result from transistor and circuit electrical behaviors that propagate to exposed logic gates, microprocessor operation, and ultimately the software implementations. Cryptographic algorithms to date have been designed with the assumption that there is no leakage of secret information, however with the advent of successful power analysis attacks, it is no longer prudent to assume that a cryptographic device which will leak no secret information can be manufactured. Information stored in constrained environments is particularly difficult to protect against leakage through an unsecured channel during cryptographic operations.

Accordingly, there is a need for a system for reducing the risk of a successful power analysis attack and which is particularly applicable to current hardware environments.

SUMMARY OF THE INVENTION

In accordance with this invention, there is provided a method of inhibiting the disclosure of confidential information through power analysis attacks on processors in cryptographic systems. The method of masking a cryptographic operation using a generator G comprises the steps of:

    • a) generating a secret value, which may be combined with the generator G to form a secret generator;
    • b) dividing the secret value into a plurality of parts;
    • c) generating a random value for association with the plurality of parts;
    • d) combining each of the plurality of parts with the random value to derive a plurality of new values such that the new values when combined are equivalent to the secret value; and
    • e) using each of the new values in the cryptographic operation, thereby using the secret generator in place of the generator G in the cryptographic operation.

The introduction of randomness facilitates the introduction of noise into algorithms used by cryptographic systems so as to mask the secret value and provide protection against power analysis attacks.

BRIEF DESCRIPTION OF THE DRAWINGS

An embodiment of the invention will now be described by way of example only with reference to the accompanying drawings in which:

FIG. 1 is a schematic diagram of a constrained device;

FIG. 2 is a schematic representation of steps of a method performed by the device of FIG. 1; and

FIG. 3 is a flow diagram illustrating an embodiment of the invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

A mechanism for protection against power analysis attacks on cryptographic systems involves the introduction of random values into existing algorithms employed by cryptographic systems. These random values are intended to introduce noise into the system.

This technique can be applied to a number of cryptographic systems, including encryption algorithms, decryption algorithms, signature schemes, and the like. In the preferred embodiment, the technique is applied to the ECDSA (elliptic curve digital signature algorithm) on a constrained device, typically a smart card, in order to inhibit the leakage of secret information.

In the ECDSA, as described in the ANSI X9.62 standard, the public values are:

    • The domain parameters: An elliptic curve group E generated by a point G, and a finite field F.
    • The signer's long-term public key D (corresponding to a long-term private key d).
    • The signature (r, s).

FIG. 1 shows generally a smart card (10) for use in a cryptographic system. The smart card incorporates a random number generator (RNG) (11), which may be implemented as hardware or software. The card also includes a cryptographic module (CRYPTO) (14), which may be for example a cryptographic co-processor or specialized software routines. The card includes a memory space (13) for storage needed while making computations, and a parameter storage space (17,18,19,21) for storing the parameters G, G′, β1, β2 of the system. The card also includes a secure memory space (15,16) for storing its private key d split into two parts d1 and d2, and a processor (12) which may be, for example, an arithmetic logic unit, an integrated circuit, or a general purpose processing unit.

In order to generate a digital signature using an elliptic curve, the signer first computes an elliptic curve point K=kG, where k is a random number and G is the generating point of the elliptic curve group. The value k is selected as a per-message secret key and the point K serves as the corresponding per-message public key. The values k and K are also referred to as an ephemeral private key and an ephemeral public key respectively. These values are used to generate a signature (r, s) wherein:
$K = kG$;

$r = K_x \bmod n$, where $K_x$ is the x coordinate of $K$ and $n$ is the order of the generating point $G$; and

$s = k^{-1}(e + dr) \bmod n$, where $e$ is the hash of the message to be signed, interpreted as an integer (claim 1 above likewise defines $e$ as the hash of the message).

The ANSI X9.62 standard provides techniques for interpreting the bit strings corresponding to finite field elements as integers in the above calculations. The standard also provides some guidelines on what elliptic curve groups and finite fields can be used.

Several algorithms, using both direct and indirect methods, may be used to compute kG in order to obtain the elliptic curve point K. Algorithms to compute signature components are potentially vulnerable to power analysis attacks since they perform different operations depending on the bits in the secret values. Repeated iterations of the algorithm use the same secret values, and so their power traces are statistically correlated to the secret values.

In order to mask a private key or other secret value to improve resistance to DPA-like attacks, a random value is introduced into the algorithm as shown in FIG. 2. This random value avoids repeated use of a secret value in order to eliminate correlation among the power traces. There will be no signal to differentiate from the background noise since no operation is repeated on subsequent iterations of the algorithm.

In the case of a long-term private key, the private key d is split into two parts d1 and d2 such that d=d1+d2. As seen in FIG. 2, the card generates its private key d (110), then computes the public key dG (112). The public key is sent to the server (114), which keeps it in a directory for future use. A smart card is initialized with a private key d being split into the values d1=d (118) and d2=0 (116) as is illustrated in FIG. 2. The initialization is performed either by embedding the private key at manufacture or by instructing the smart card to generate its own private key. These initial values d1 and d2 are stored in the device instead of storing the value for d. Each time a digital signature is generated, a random value Δ is generated using the hardware random number generator 11 and d1 and d2 are updated as follows:
$d_1 = d_1(\text{old}) + \Delta \pmod n$, and $d_2 = d_2(\text{old}) - \Delta \pmod n$.

The formula for s, one component of the digital signature, then becomes:
$s = k^{-1}(e + (d_1 r + d_2 r)) \bmod n$.

When computing the above formula, the quantities d1 and d2 are essentially random values because of the random quantity Δ that is introduced after each signature. When comparing successive signatures there is no correlation in the side channel to the calculation of d1r alone or of d2r alone, since d1 and d2 are re-randomized for every signature; the correlation to d emerges only from the two parts together, and that pair changes every time. As a result, leakage of the private key d is minimized when computing the component s of the digital signature. However, the component r is calculated using the per-message private key k, and the calculation of r has in the past been vulnerable to power analysis type attacks: in order to compute r, the signer must compute kG, so information about the value of the secret key k may leak during the repeated group operations.

In order to protect the per-message secret key k during computation of r, the signer modifies the group generator used. In order to mask the value of k, a random value β is introduced and stored for each smart card such that G′=βG where β is a random number generated for each smart card. The point G′ can be used as a secret generating point for each user, thus using the random value β to hide some information about k.

It is recognized that the signer's effective per-message secret key is kβ, corresponding to the public key kβG. The security is thus based on the secrecy of the derived value kβ, which could be computed from k and β, both of which are secret. It is also recognized that the per-message secret key may be regarded as k and the per-message public key as kG′. However, unless the point G′ were shared publicly, knowledge of k alone would not permit the computation of shared keys based on kG′.

During smart card personalization, when the private/public key pair is generated on the smart card, the point G′ is computed. The introduction of β in the calculation of a digital signature means the formula still contains a constant value, making it vulnerable to power analysis type attacks. In order to overcome these attacks, β is split into two parts β1 and β2, and those parts are updated by a random value π every time a signature is generated. This process is detailed in FIG. 3.
$\beta_1 = \beta_1(\text{old}) + \pi \pmod n$.
$\beta_2 = \beta_2(\text{old}) - \pi \pmod n$.

In order to verify signatures produced in this manner, the verifier uses standard ECDSA verification from ANSI X9.62 with the public generator G and the public key D, since the signer's long-term key d remains unchanged when using this technique: the output is an ordinary ECDSA signature whose per-message secret key happens to be kβ, and the verifier never needs to know β or G′.

Thus the formulae for the ECDSA signature scheme in the preferred embodiment are:
$K = kG'$;

$r = K_x \bmod n$, where $K_x$ is the x coordinate of $K$ and $n$ is the order of the point $G'$; and
$s = (k\beta_1 + k\beta_2)^{-1}\,(e + (d_1 r + d_2 r)) \bmod n$.

Using these formulae to compute ECDSA signatures reduces the vulnerability of the algorithm to power analysis attacks. It is recognized that similar techniques may be applied to other signatures. For example, ECNR or any other signature form could be used. These techniques may also be used individually, not necessarily in combination. Also, the ECDSA signature equation is not a necessary component of these techniques.

FIG. 3 shows the generation of a digital signature in accordance with the above protocol. First, the signer generates a random private session key k (200), and stores k (210) for future use in the algorithm. The signer updates the values β1 (224) and β2 (226) as described above by generating a random π (222) and then computes the public session key r (220). The signer then obtains the input message e or hash thereof (250). The signer then computes the signature s (260). The signer updates the private key parts d1 (264) and d2 (266) as described earlier by generating a random Δ (262).

The inverse algorithm used in the generation of the digital signature to compute $k^{-1}$ is also potentially vulnerable to power analysis attacks since it performs repeated operations on the secret key every time a signature is generated. This vulnerability is reduced in a further embodiment by introducing a random $w$ and computing $(kw)^{-1}$ instead of $k^{-1}$. The signing formula works since $k^{-1} = w(kw)^{-1}$.

Thus the formulae for the ECDSA signature scheme in this embodiment are:
$K = kG'$;

$r = K_x \bmod n$, where $K_x$ is the x coordinate of $K$ and $n$ is the order of the point $G'$; and
$s = w\,(kw\beta_1 + kw\beta_2)^{-1}\,(e + (d_1 r + d_2 r)) \bmod n$.

Updating the parts of the private key may occur before or after the generation of the random w.

In a further embodiment, since $G' = \beta_1 G + \beta_2 G$, the value of $kG'$ can be computed as $(k\beta_1)G + (k\beta_2)G$. In this way, the value of $k$ is masked when computing $kG'$, even if the value of $\beta$ is determined. The formula for $K$ then becomes $K = (k\beta_1)G + (k\beta_2)G$.
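The complete masked signing procedure of the preferred embodiments, as an added example that is not the patent's or Certicom's code: the long-term key is held as d1 + d2 and refreshed by a random Δ (FIG. 2), the per-card generator secret β is held as β1 + β2 and refreshed by a random π (FIG. 3), the inversion is masked by a random w, and K is computed as (kβ1)G + (kβ2)G as in the last embodiment. The verifier is unmodified ECDSA. NIST P-256 and SHA-256 are assumptions of this example (the page only requires a prime-order group generated by G), `MaskedSigner`, `reference_sign` and `verify` are illustrative names, and the optional `k`/`w` arguments exist only so a test can compare the masked signature with an unmasked one.

```python
import hashlib
import secrets

# NIST P-256 domain parameters: an assumption of this example.  n is prime,
# so every nonzero scalar is invertible mod n and G' = beta*G has order n.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
INF = None  # point at infinity

def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - A * x - B) % P == 0

def ec_add(p1, p2):
    """Affine add/double; field inversion by Fermat, pow(x, P - 2, P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Textbook double-and-add: the per-bit branch is the leak that the page's
    masking decorrelates across signatures; it does not remove it."""
    acc = INF
    for bit in bin(k % N)[2:]:
        acc = ec_add(acc, acc)
        if bit == "1":
            acc = ec_add(acc, pt)
    return acc

def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

class MaskedSigner:
    """A 'card' holding d as (d1, d2) and beta as (beta1, beta2); neither d
    nor beta is ever recombined while signing (hypothetical class name)."""

    def __init__(self, d):
        self.pub = ec_mul(d, G)                # D = dG, published once (FIG. 2)
        self.d1, self.d2 = d, 0                # initial split: d1 = d, d2 = 0
        beta = secrets.randbelow(N - 1) + 1    # per-card secret, G' = beta*G
        self.b1, self.b2 = beta, 0
        self.refresh()

    def refresh(self):
        """d1 += Delta, d2 -= Delta and beta1 += pi, beta2 -= pi (mod n)."""
        delta = secrets.randbelow(N)
        self.d1, self.d2 = (self.d1 + delta) % N, (self.d2 - delta) % N
        pi = secrets.randbelow(N)
        self.b1, self.b2 = (self.b1 + pi) % N, (self.b2 - pi) % N

    def sign(self, msg, k=None, w=None):
        """k and w are drawn fresh; supplying them is for testing only."""
        e = hash_to_int(msg)
        k = k if k is not None else secrets.randbelow(N - 1) + 1
        w = w if w is not None else secrets.randbelow(N - 1) + 1
        # K = kG' computed as (k*beta1)G + (k*beta2)G: neither k nor beta is
        # ever used as a scalar on its own.
        K = ec_add(ec_mul(k * self.b1 % N, G), ec_mul(k * self.b2 % N, G))
        r = K[0] % N
        # s = w * (kw*beta1 + kw*beta2)^-1 * (e + d1*r + d2*r) mod n; the value
        # inverted is kw*beta, never k.  w = 1 gives the page's earlier formula.
        masked = (k * w * self.b1 + k * w * self.b2) % N
        s = w * pow(masked, N - 2, N) * (e + self.d1 * r + self.d2 * r) % N
        if r == 0 or s == 0:                   # ECDSA: retry with a fresh k
            return self.sign(msg)
        self.refresh()                         # new Delta and pi for the next signature
        return r, s

def reference_sign(d, k, msg):
    """Unmasked ECDSA with ephemeral key k, for comparison only."""
    e = hash_to_int(msg)
    r = ec_mul(k, G)[0] % N
    return r, pow(k, N - 2, N) * (e + d * r) % N

def verify(pub, msg, sig):
    """Standard ECDSA verification with public generator G and public key D."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    s_inv = pow(s, N - 2, N)
    X = ec_add(ec_mul(hash_to_int(msg) * s_inv % N, G), ec_mul(r * s_inv % N, pub))
    return X is not INF and X[0] % N == r
```

`MaskedSigner(d).sign(msg)` returns a pair that `verify(card.pub, msg, sig)` accepts with plain ECDSA, and with fixed k and w it equals `reference_sign(d, k*beta mod n, msg)`, which is the "result corresponding to that obtained without application of said masking values" of claim 1: the effective per-message key is kβ. Two caveats a practitioner should keep in mind. First, this is a functional model in Python big integers; nothing in it is constant-time, and `ec_mul` keeps the key-dependent branch on purpose so the role of the masking is visible. Second, the masking targets the cross-signature correlation that DPA exploits; a single-trace SPA that recovers both scalars kβ1 and kβ2 from one signing would still yield kβ, and kβ together with (r, s) and e gives d. On a real card the scalar multiplication itself must therefore also be made regular, with this key-splitting layered on top.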

Although the invention has been described with reference to certain specific embodiments, various modifications thereof will be apparent to those skilled in the art without departing from the spirit and scope of the invention as outlined in the claims appended hereto. For example, it is not necessary that there be two components combining to make the private key.

Patent Citations (* cited by examiner)
Cited patent | Filing date | Publication date | Applicant | Title
US4519036 | Jan 5, 1983 | May 21, 1985 | Emi Limited | Program storage hardware with security scheme
US5202995 | Sep 3, 1992 | Apr 13, 1993 | International Business Machines Corporation | Method for removing invariant branches from instruction loops of a computer program
US5511198 | Feb 28, 1994 | Apr 23, 1996 | Fujitsu Limited | Optimizing compiler for shortening execution time of object program
US5524222 | Nov 22, 1994 | Jun 4, 1996 | Cyrix Corporation | Microsequencer allowing a sequence of conditional jumps without requiring the insertion of NOP or other instructions
US5627893 | Dec 20, 1993 | May 6, 1997 | Telstra Corporation Limited | Cryptographic method
US5650948 | Jun 7, 1995 | Jul 22, 1997 | Texas Instruments Incorporated | Method and system for translating a software implementation with data-dependent conditions to a data flow graph with conditional expressions
US5675645 | Apr 18, 1995 | Oct 7, 1997 | Ricoh Company, Ltd. | Method and apparatus for securing executable programs against copying
US5757918 * | Sep 30, 1996 | May 26, 1998 | Tandem Computers Incorporated | Method and apparatus for user and security device authentication
US5764772 | Dec 15, 1995 | Jun 9, 1998 | Lotus Development Corporation | Differential work factor cryptography method and system
US5768389 * | Jun 20, 1996 | Jun 16, 1998 | Nippon Telegraph And Telephone Corporation | Method and system for generation and management of secret key of public key cryptosystem
US5778069 * | Apr 10, 1996 | Jul 7, 1998 | Microsoft Corporation | Non-biased pseudo random number generator
US5825880 * | Jun 4, 1997 | Oct 20, 1998 | Sudia; Frank W. | Multi-step digital signature method and system
US5892899 | Jun 13, 1996 | Apr 6, 1999 | Intel Corporation | Tamper resistant methods and apparatus
US5937066 * | Oct 2, 1996 | Aug 10, 1999 | International Business Machines Corporation | Two-phase cryptographic key recovery system
US6279110 * | Nov 10, 1997 | Aug 21, 2001 | Certicom Corporation | Masked digital signatures
US6298135 * | Apr 29, 1999 | Oct 2, 2001 | Motorola, Inc. | Method of preventing power analysis attacks on microelectronic assemblies
US6304658 | Dec 31, 1998 | Oct 16, 2001 | Cryptography Research, Inc. | Leak-resistant cryptographic method and apparatus
US6334189 | Nov 20, 1998 | Dec 25, 2001 | Jamama, Llc | Use of pseudocode to protect software from unauthorized use
US6411715 * | Nov 10, 1998 | Jun 25, 2002 | Rsa Security, Inc. | Methods and apparatus for verifying the cryptographic security of a selected private and public key pair without knowing the private key
US6419159 * | Jun 14, 1999 | Jul 16, 2002 | Microsoft Corporation | Integrated circuit device with power analysis protection circuitry
US6446207 * | Jan 29, 1998 | Sep 3, 2002 | Certicom Corporation | Verification protocol
US6496929 * | Apr 12, 2002 | Dec 17, 2002 | Citibank, Na | Generating RSA moduli including a predetermined portion
US6724894 * | Nov 5, 1999 | Apr 20, 2004 | Pitney Bowes Inc. | Cryptographic device having reduced vulnerability to side-channel attack and method of operating same
US6873706 * | Sep 29, 1999 | Mar 29, 2005 | Hitachi, Ltd. | Processing apparatus, program, or system of secret information
US7421074 * | Oct 8, 2004 | Sep 2, 2008 | Samsung Electronics Co., Ltd. | Security system using RSA algorithm and method thereof
US20010053220 * | Aug 15, 2001 | Dec 20, 2001 | Cryptography Research, Inc. | Cryptographic computation using masking to prevent differential power analysis and other attacks
US20020166058 * | Sep 26, 2001 | Nov 7, 2002 | Fujitsu Limited | Semiconductor integrated circuit on IC card protected against tampering
US20030044003 * | Aug 31, 2001 | Mar 6, 2003 | International Business Machines Corporation | Space-efficient, side-channel attack resistant table lookups
US20030048903 * | Dec 28, 2001 | Mar 13, 2003 | Fujitsu Limited | Encryption secured against DPA
US20030061498 * | Dec 20, 2000 | Mar 27, 2003 | Hermann Drexler | Portable data carrier provided with access protection by dividing up codes
FR2672402A1 | (not listed) | (not listed) | (not listed) | Title not available
WO1998000771A1 | Jun 27, 1997 | Jan 8, 1998 | Northern Telecom Ltd | Distribution and controlled use of software products
WO1998052319A1 | May 12, 1998 | Nov 19, 1998 | Yeda Res & Dev | Improved method and apparatus for protecting public key schemes from timing and fault attacks
WO2000042733A1 | Jan 14, 2000 | Jul 20, 2000 | Certicom Corp | Method and apparatus for masking cryptographic operations
Non-Patent Citations
Reference
1. Deitel, Harvey M.; Deitel, P.J.; "C++ How to Program"; Prentice-Hall; 1994; pp. 58-62.
2. Johnson, Don; Menezes, Alfred; Vanstone, Scott; "The Elliptic Curve Digital Signature Algorithm (ECDSA)"; Certicom Corporation White Paper; 2001; pp. 25-26.
3. Kelsey, John; Schneier, Bruce; Wagner, David; Hall, Chris; "Side Channel Cryptanalysis of Product Ciphers"; Journal of Computer Security, vol. 8, no. 2-3; 2000; pp. 141-158; IOS Press, Amsterdam, The Netherlands.
4. Kocher, Paul C.; "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems"; Advances in Cryptology, CRYPTO '96, Proceedings of the 16th Annual International Cryptology Conference, Aug. 18-22, 1996; vol. 1109; Springer.
5. Kocher, Paul; Jaffe, Joshua; Jun, Benjamin; "Differential Power Analysis"; Advances in Cryptology, CRYPTO '99, Proceedings of the 19th Annual International Cryptology Conference, Aug. 1999; Springer-Verlag, Berlin, Germany.
6. Kocher, Paul; Jaffe, Joshua; Jun, Benjamin; "Introduction to Differential Power Analysis and Related Attacks"; 1998; http://www.cryptography.com/dpa/technical.
7. Shreih, Raghid; Examiner's Report issued in respect of Canadian Patent Application No. 2,259,089; Feb. 2, 2009; received by applicant's agent Feb. 9, 2009.
8. Wharton, John; "An Introduction to the Intel MCS-51 Single-Chip Microcomputer Family"; Intel Application Note AP-69; May 1980; U.S.A.
Referenced by
Citing Patent | * | Filing date | Publication date | Applicant | Title
US7903811 | * | Jul 12, 2006 | Mar 8, 2011 | Samsung Electronics Co., Ltd. | Cryptographic system and method for encrypting input data
US8054967 | * | Apr 15, 2005 | Nov 8, 2011 | Panasonic Corporation | Computer system and computer program executing encryption or decryption
US8204232 |   | Jan 18, 2006 | Jun 19, 2012 | Certicom Corp. | Accelerated verification of digital signatures and public keys
US8386791 | * | Mar 7, 2005 | Feb 26, 2013 | Oberthur Technologies | Secure data processing method based particularly on a cryptographic algorithm
US8396213 | * |   | Mar 12, 2013 | Certicom Corp. | Elliptic curve random number generation
US8467535 |   | Mar 7, 2011 | Jun 18, 2013 | Certicom Corp. | Accelerated verification of digital signatures and public keys
US8525545 |   | Aug 27, 2012 | Sep 3, 2013 | Lockheed Martin Corporation | Power isolation during sensitive operations
US8548165 | * | Oct 27, 2011 | Oct 1, 2013 | Certicom Corp. | Method of compressing a cryptographic value
US8600046 | * | Dec 5, 2008 | Dec 3, 2013 | Sagem Securite | Method of coding a secret formed by a numerical value
US8624624 |   | Nov 15, 2012 | Jan 7, 2014 | Lockheed Martin Corporation | Power isolation during sensitive operations
US8656175 | * | Oct 24, 2006 | Feb 18, 2014 | Panasonic Corporation | Secure processing device, secure processing method, encrypted confidential information embedding method, program, storage medium, and integrated circuit
US8745376 |   | Oct 14, 2011 | Jun 3, 2014 | Certicom Corp. | Verifying implicit certificates and digital signatures
US8775813 | * | Feb 26, 2010 | Jul 8, 2014 | Certicom Corp. | ElGamal signature schemes
US8788827 |   | Sep 14, 2012 | Jul 22, 2014 | Certicom Corp. | Accelerated verification of digital signatures and public keys
US8806197 |   | May 23, 2012 | Aug 12, 2014 | Certicom Corp. | Accelerated verification of digital signatures and public keys
US8948388 |   | Feb 19, 2013 | Feb 3, 2015 | Certicom Corp. | Elliptic curve random number generation
US8964971 | * | Jul 11, 2008 | Feb 24, 2015 | Certicom Corp. | Method of providing text representation of a cryptographic value
US9081968 |   | Dec 11, 2013 | Jul 14, 2015 | International Business Machines Corporation | Quantitative analysis of information leakage vulnerabilities
US9251352 |   | Mar 18, 2015 | Feb 2, 2016 | International Business Machines Corporation | Quantitative analysis of information leakage vulnerabilities
US20070121935 | * | Jun 17, 2004 | May 31, 2007 | Gemplus | Method for countermeasuring in an electronic component
US20070177720 | * | Mar 7, 2005 | Aug 2, 2007 | Oberthur Card Systems Sa | Secure data processing method based particularly on a cryptographic algorithm
US20070189527 | * | Jan 23, 2006 | Aug 16, 2007 | Brown Daniel R L | Elliptic curve random number generation
US20070237326 | * | Apr 15, 2005 | Oct 11, 2007 | Masao Nonaka | Computer System and Computer Program Executing Encryption or Decryption
US20080044010 | * | Jul 12, 2006 | Feb 21, 2008 | Ihor Vasyltasov | Cryptographic system and method for encrypting input data
US20090022309 | * | Jul 11, 2008 | Jan 22, 2009 | Vanstone Scott A | Method of providing text representation of a cryptographic value
US20090132830 | * | Oct 24, 2006 | May 21, 2009 | Tomoyuki Haga | Secure processing device, secure processing method, encrypted confidential information embedding method, program, storage medium, and integrated circuit
US20100254531 | * | Dec 5, 2008 | Oct 7, 2010 | Sagem Securite | Method of Coding a Secret Formed by a Numerical Value
US20110194694 | * |   | Aug 11, 2011 | Certicom Corp. | Accelerated Verification of Digital Signatures and Public Keys
US20110213982 | * | Feb 26, 2010 | Sep 1, 2011 | Certicom Corp. | Elgamal signature schemes
US20120039466 | * | Oct 27, 2011 | Feb 16, 2012 | Certicom Corporation | Method of Compressing a Cryptographic Value
Classifications
U.S. Classification: 380/30, 380/28, 726/36
International Classification: H04L9/00, G08B29/00, H04K1/00, G06F7/72, G06F1/26, H04L9/32
Cooperative Classification: G06F7/723, G06F2207/7233, G06F7/725, H04L9/3066, H04L9/3252, H04L9/003, H04L9/0891
Legal Events
Date | Code | Event | Description
Mar 2, 2004 | AS | Assignment
    Owner name: CERTICOM CORP., CANADA
    Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNOR: LAMBERT, ROBERT J.; REEL/FRAME: 014390/0606
    Effective date: 20040210
Apr 6, 2004 | AS | Assignment
    Owner name: CERTICOM CORP., CANADA
    Free format text: DOCUMENT PREVIOUSLY RECORDED AT REEL 014390 FRAME 0606 CONTAINED AN ERROR IN PROPERTY NUMBER 10119401. DOCUMENT RERECORDED TO CORRECT ERRORS ON STATED REEL.; ASSIGNOR: LAMBERT, ROBERT J.; REEL/FRAME: 014503/0489
    Effective date: 20040210
Dec 14, 2010 | CC | Certificate of correction
Mar 6, 2013 | FPAY | Fee payment
    Year of fee payment: 4